@mat54 The definition of personal information in this law, is wider than you assume most likely. It also includes IP addresses, nicknames, login ids, real names, fingerprints of your browser, etc etc. basically anything that can potentially lead back to the user.
The collection of the data in itself is not the problem though. The purpose with which you do so, having permission (by law, process or user consent), and what you do with the data when you no longer need it are the key technical aspects. Added to this, is your ability to tell the user what information you have collected about him, and potentially remove or anonymise that data when requested, are what determine your liability here. And like so often with law aspects, the answer than quickly becomes 'it depends'.
For instance, if you can easily remove stuff from the database yourself, because you have the skill and your user base is small enough that this procedure is manageable, then you don't need the software to be able to do that for you. You are still compliant. If you leak all the email addresses and real names of all your users (former and current) of a forum for coaching people with mental illness, then you have a problem (you leaked identifiable (medical) information of users who are no longer part of the coaching program), especially if those people had actively requested you to delete the information you have on them.
DJ
On Wed, Feb 21, 2018 at 5:23 PM, mat54@ziggo.nl wrote:
LS,
First of all I have no legal background so the solution must be simple and clear (KIS)
On my wiki there are only invited users and from them I have not for example a birthday , address or other personal information. So in my simple mind I don’t have privacy content.
But the question remains must I still comply to the new ruling??
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l